Aiutamici Forum

Can you check my Hijack log for me
giampys
Posted: Tuesday, March 17, 2009 4:40:56 PM
Rank: AiutAmico

Joined: 6/17/2006
Posts: 165
When I launch the internet, my PC often freezes; I can't unfreeze it even with Task Manager, and I had to switch it off and on again. I tried again and this time the PC stayed frozen (that is, it wouldn't let me open anything else), but after a couple of minutes the web page opened as if by magic.
What is going on?
In the forum section I had been advised to clean up and defragment, but to no avail (these are operations I carry out regularly), so I'm posting the log:
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 16.27.45, on 17/03/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Programmi\File comuni\EPSON\EBAPI\SAgent2.exe
C:\Programmi\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Programmi\Java\jre6\bin\jqs.exe
C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Programmi\Telecom Italia\WanMiniport1st\srvany.exe
C:\Programmi\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\Programmi\Telecom Italia\WanMiniport1st\WanMiniport1st_srv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Programmi\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Programmi\AVG\AVG8\avgcsrvx.exe
C:\Programmi\Internet Explorer\IEXPLORE.EXE
C:\Programmi\File comuni\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Programmi\HIJACK\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.virgilio.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.it/0SEITIT/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;<local>
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: Supporto di collegamento per Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Programmi\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Programmi\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmi\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmi\Windows Live Toolbar\msntb.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Programmi\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmi\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programmi\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmi\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmi\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Programmi\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Programmi\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O8 - Extra context menu item: &Windows Live Search - res://C:\Programmi\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://gw.aliceadsl.it/home
O15 - Trusted Zone: *.rossoalice.it
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Programmi\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Programmi\File comuni\EPSON\EBAPI\SAgent2.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\Programmi\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programmi\Java\jre6\bin\jqs.exe
O23 - Service: Network WanMiniport First Position - Unknown owner - C:\Programmi\Telecom Italia\WanMiniport1st\srvany.exe
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - C:\Programmi\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA Corporation - C:\Programmi\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 8192 bytes
Thanks again
Giampys
shapiro
Posted: Tuesday, March 17, 2009 5:35:26 PM

Rank: AiutAmico

Joined: 8/24/2008
Posts: 4,164
hi

download Malwarebytes

http://www.malwarebytes.org/mbam/program/mbam-setup.exe

1) install it
2) update it
3) run a scan, choosing the full mode
4) do NOT remove any threats it detects
5) when the scan has finished, select the log tab, open the text file and post it on the forum

Download Lop S&D | http://eric.71.mespages.googlepages.com/LopSD.exe
with all applications closed and while disconnected
double-click LopSD
choose language E (Enter)
1 (search) Enter

when the scan finishes, restart LopSD
this time choose option 2 (Enter)

attach the report C:\LopR.txt together with a new HijackThis log

giampys
Posted: Tuesday, March 17, 2009 6:34:17 PM
Rank: AiutAmico

Joined: 6/17/2006
Posts: 165
Malwarebytes' Anti-Malware 1.34
Versione del database: 1858
Windows 5.1.2600 Service Pack 3

17/03/2009 18.32.05
mbam-log-2009-03-17 (18-30-52).txt

Tipo di scansione: Scansione completa (C:\|D:\|G:\|H:\|I:\|)
Elementi scansionati: 117608
Tempo trascorso: 45 minute(s), 3 second(s)

Processi delle memoria infetti: 0
Moduli della memoria infetti: 0
Chiavi di registro infette: 1
Valori di registro infetti: 0
Elementi dato del registro infetti: 0
Cartelle infette: 0
File infetti: 0

Processi delle memoria infetti:
(Nessun elemento malevolo rilevato)

Moduli della memoria infetti:
(Nessun elemento malevolo rilevato)

Chiavi di registro infette:
HKEY_CURRENT_USER\SOFTWARE\fcn (Rogue.Residue) -> No action taken.

Valori di registro infetti:
(Nessun elemento malevolo rilevato)

Elementi dato del registro infetti:
(Nessun elemento malevolo rilevato)

Cartelle infette:
(Nessun elemento malevolo rilevato)

File infetti:
(Nessun elemento malevolo rilevato)
shapiro
Posted: Tuesday, March 17, 2009 6:45:36 PM

Rank: AiutAmico

Joined: 8/24/2008
Posts: 4,164
restart the program and remove what it found

also use LopSD
giampys
Posted: Tuesday, March 17, 2009 6:55:50 PM
Rank: AiutAmico

Joined: 6/17/2006
Posts: 165
Done. I'm attaching LopSD reports 1 and 2 + the Hijack log:
1*****
-------------------\\ Lop S&D 4.2.5-0 XP/Vista

Microsoft Windows XP Professional ( v5.1.2600 ) Service Pack 3
X86-based PC ( Uniprocessor Free : AMD Sempron(tm) Processor 2600+ )
BIOS : Default System BIOS
USER : Giampy ( Administrator )
BOOT : Normal boot
Antivirus : AVG Anti-Virus Free 8.0 (Activated)
Firewall : ActiveArmor Firewall 1.0 (Not Activated)
A:\ (USB)
C:\ (Local Disk) - NTFS - Total:58 Go (Free:46 Go)
D:\ (Local Disk) - FAT32 - Total:17 Go (Free:16 Go)
E:\ (CD or DVD)
F:\ (CD or DVD)
G:\ (Local Disk) - NTFS - Total:39 Go (Free:30 Go)
H:\ (Local Disk) - NTFS - Total:58 Go (Free:10 Go)
I:\ (Local Disk) - NTFS - Total:55 Go (Free:29 Go)

"C:\Lop SD" ( MAJ : 19-12-2008|23:40 )
Option : [1] ( 17/03/2009|18.36 )

--------------------\\ Listing folders in DATIAP~1

[14/03/2009|12.10] C:\DOCUME~1\ALLUSE~1\DATIAP~1\Adobe
[17/07/2006|10.54] C:\DOCUME~1\ALLUSE~1\DATIAP~1\Ahead
[06/02/2009|20.05] C:\DOCUME~1\ALLUSE~1\DATIAP~1\avg8
[13/01/2007|23.49] C:\DOCUME~1\ALLUSE~1\DATIAP~1\DVD Shrink
[25/08/2008|11.41] C:\DOCUME~1\ALLUSE~1\DATIAP~1\EnterNHelp
[06/01/2009|12.19] C:\DOCUME~1\ALLUSE~1\DATIAP~1\Google
[04/01/2009|23.16] C:\DOCUME~1\ALLUSE~1\DATIAP~1\Malwarebytes
[29/04/2007|13.26] C:\DOCUME~1\ALLUSE~1\DATIAP~1\Microsoft
[19/09/2006|21.38] C:\DOCUME~1\ALLUSE~1\DATIAP~1\Motive
[21/04/2008|23.14] C:\DOCUME~1\ALLUSE~1\DATIAP~1\MSN6
[25/08/2008|11.38] C:\DOCUME~1\ALLUSE~1\DATIAP~1\Nikon
[22/10/2008|10.27] C:\DOCUME~1\ALLUSE~1\DATIAP~1\NVIDIA
[29/05/2008|10.45] C:\DOCUME~1\ALLUSE~1\DATIAP~1\Office Genuine Advantage
[20/08/2006|21.30] C:\DOCUME~1\ALLUSE~1\DATIAP~1\QuickTime
[13/03/2009|20.07] C:\DOCUME~1\ALLUSE~1\DATIAP~1\Spybot - Search & Destroy
[25/08/2008|11.37] C:\DOCUME~1\ALLUSE~1\DATIAP~1\Stingers
[14/03/2007|11.37] C:\DOCUME~1\ALLUSE~1\DATIAP~1\Symantec
[11/05/2006|22.52] C:\DOCUME~1\ALLUSE~1\DATIAP~1\Trymedia
[17/01/2008|20.38] C:\DOCUME~1\ALLUSE~1\DATIAP~1\TVU Networks
[25/08/2008|11.41] C:\DOCUME~1\ALLUSE~1\DATIAP~1\Ultima_T15
[13/04/2006|00.09] C:\DOCUME~1\ALLUSE~1\DATIAP~1\Windows Genuine Advantage
[05/01/2007|13.17] C:\DOCUME~1\ALLUSE~1\DATIAP~1\Windows Live Toolbar
[16/04/2006|23.49] C:\DOCUME~1\ALLUSE~1\DATIAP~1\Yahoo! Companion
[0|File] C:\DOCUME~1\ALLUSE~1\DATIAP~1\byte
[25|Directory] C:\DOCUME~1\ALLUSE~1\DATIAP~1\byte disponibili

[16/03/2006|17.27] C:\DOCUME~1\DEFAUL~1\DATIAP~1\Microsoft
[0|File] C:\DOCUME~1\DEFAUL~1\DATIAP~1\byte
[3|Directory] C:\DOCUME~1\DEFAUL~1\DATIAP~1\byte disponibili

[24/04/2008|16.35] C:\DOCUME~1\Giampy\DATIAP~1\.clamwin
[20/01/2009|13.22] C:\DOCUME~1\Giampy\DATIAP~1\Adobe
[16/07/2006|23.50] C:\DOCUME~1\Giampy\DATIAP~1\Ahead
[05/04/2008|15.01] C:\DOCUME~1\Giampy\DATIAP~1\Auslogics
[21/04/2008|23.14] C:\DOCUME~1\Giampy\DATIAP~1\Cartella di caricamento Share-to-Web
[19/02/2007|12.08] C:\DOCUME~1\Giampy\DATIAP~1\DivX
[25/07/2007|13.21] C:\DOCUME~1\Giampy\DATIAP~1\FastStone
[21/10/2008|21.29] C:\DOCUME~1\Giampy\DATIAP~1\Google
[13/11/2007|00.55] C:\DOCUME~1\Giampy\DATIAP~1\Help
[16/03/2006|17.32] C:\DOCUME~1\Giampy\DATIAP~1\Identities
[17/03/2006|09.14] C:\DOCUME~1\Giampy\DATIAP~1\InterTrust
[21/03/2006|23.37] C:\DOCUME~1\Giampy\DATIAP~1\LG Electronics
[19/03/2006|01.05] C:\DOCUME~1\Giampy\DATIAP~1\Macromedia
[04/01/2009|23.16] C:\DOCUME~1\Giampy\DATIAP~1\Malwarebytes
[01/03/2009|12.33] C:\DOCUME~1\Giampy\DATIAP~1\Microsoft
[19/09/2006|21.41] C:\DOCUME~1\Giampy\DATIAP~1\Motive
[18/01/2009|14.06] C:\DOCUME~1\Giampy\DATIAP~1\Mozilla
[10/03/2009|19.00] C:\DOCUME~1\Giampy\DATIAP~1\MSN6
[16/07/2006|22.14] C:\DOCUME~1\Giampy\DATIAP~1\Nero
[25/08/2008|11.38] C:\DOCUME~1\Giampy\DATIAP~1\Nikon
[20/08/2006|21.35] C:\DOCUME~1\Giampy\DATIAP~1\OLYMPUS
[18/05/2008|12.47] C:\DOCUME~1\Giampy\DATIAP~1\PPLive
[27/09/2007|23.34] C:\DOCUME~1\Giampy\DATIAP~1\Simple Sudoku
[05/01/2008|18.56] C:\DOCUME~1\Giampy\DATIAP~1\SopCast
[18/06/2006|11.48] C:\DOCUME~1\Giampy\DATIAP~1\Sun
[17/03/2006|08.19] C:\DOCUME~1\Giampy\DATIAP~1\Symantec
[29/06/2008|12.11] C:\DOCUME~1\Giampy\DATIAP~1\Talkback
[18/05/2008|11.42] C:\DOCUME~1\Giampy\DATIAP~1\TVU Networks
[0|File] C:\DOCUME~1\Giampy\DATIAP~1\byte
[30|Directory] C:\DOCUME~1\Giampy\DATIAP~1\byte disponibili

[22/10/2008|10.22] C:\DOCUME~1\LOCALS~1\DATIAP~1\Google
[06/02/2009|20.04] C:\DOCUME~1\LOCALS~1\DATIAP~1\Microsoft
[0|File] C:\DOCUME~1\LOCALS~1\DATIAP~1\byte
[4|Directory] C:\DOCUME~1\LOCALS~1\DATIAP~1\byte disponibili

[16/02/2007|11.37] C:\DOCUME~1\NETWOR~1\DATIAP~1\Google
[06/02/2009|20.04] C:\DOCUME~1\NETWOR~1\DATIAP~1\Microsoft
[16/02/2007|11.23] C:\DOCUME~1\NETWOR~1\DATIAP~1\Symantec
[0|File] C:\DOCUME~1\NETWOR~1\DATIAP~1\byte
[5|Directory] C:\DOCUME~1\NETWOR~1\DATIAP~1\byte disponibili

--------------------\\ Scheduled Tasks located in C:\WINDOWS\Tasks

[16/03/2009 23.08][--a------] C:\WINDOWS\tasks\OGADaily.job
[15/03/2009 13.05][--a------] C:\WINDOWS\tasks\OGALogon.job
[17/03/2009 18.20][--a------] C:\WINDOWS\tasks\Verifica aggiornamenti per Windows Live Toolbar.job
[17/03/2009 16.18][--ah-----] C:\WINDOWS\tasks\SA.DAT
[31/08/2001 13.00][-r-h-----] C:\WINDOWS\tasks\desktop.ini

--------------------\\ Listing Folders in C:\Programmi

[14/03/2009|12.10] C:\Programmi\Adobe
[18/12/2007|22.35] C:\Programmi\Atomic Clock
[05/04/2008|15.01] C:\Programmi\Auslogics
[30/05/2008|11.36] C:\Programmi\AVG
[16/03/2006|17.42] C:\Programmi\AvRack
[30/06/2007|11.35] C:\Programmi\BitTorrent Fastest Tool
[02/06/2007|22.39] C:\Programmi\bobyte
[24/04/2008|16.35] C:\Programmi\ClamWin
[17/03/2006|22.09] C:\Programmi\Common Files
[16/03/2006|17.24] C:\Programmi\ComPlus Applications
[19/02/2007|12.04] C:\Programmi\DivX
[17/03/2006|10.05] C:\Programmi\DVD Shrink
[17/03/2006|09.58] C:\Programmi\DVDFab Decrypter
[28/05/2008|16.29] C:\Programmi\E.M. PowerPoint Video Converter
[19/12/2007|12.01] C:\Programmi\Easy TV Free
[28/07/2007|21.44] C:\Programmi\EPSON
[25/07/2007|13.21] C:\Programmi\FastStone Image Viewer
[03/01/2009|00.49] C:\Programmi\File comuni
[06/01/2009|13.49] C:\Programmi\Google
[05/05/2008|21.05] C:\Programmi\HIJACK
[28/04/2006|23.52] C:\Programmi\Incomplete
[21/01/2009|12.13] C:\Programmi\InstallShield Installation Information
[11/02/2009|13.07] C:\Programmi\Internet Explorer
[17/03/2006|09.09] C:\Programmi\Jasc Software Inc
[09/12/2008|22.54] C:\Programmi\Java
[11/05/2008|11.05] C:\Programmi\Lavalys
[16/04/2006|11.25] C:\Programmi\LG PC Suite
[16/05/2008|11.43] C:\Programmi\MagicKey
[17/03/2009|18.32] C:\Programmi\Malwarebytes' Anti-Malware
[31/10/2006|17.46] C:\Programmi\Mediacenter
[13/08/2008|21.52] C:\Programmi\Messenger
[16/03/2006|17.27] C:\Programmi\microsoft frontpage
[07/11/2008|16.37] C:\Programmi\Microsoft Office
[28/02/2009|11.27] C:\Programmi\Microsoft Silverlight
[17/03/2006|08.42] C:\Programmi\Microsoft Visual Studio
[16/01/2007|00.45] C:\Programmi\Microsoft Works
[17/03/2006|08.43] C:\Programmi\Microsoft.NET
[29/05/2008|12.45] C:\Programmi\Movie Maker
[16/03/2009|18.12] C:\Programmi\Mozilla Firefox
[01/01/2008|23.33] C:\Programmi\mp3DirectCut
[17/02/2009|19.35] C:\Programmi\MSECache
[16/03/2006|17.23] C:\Programmi\MSN
[16/03/2006|17.23] C:\Programmi\MSN Gaming Zone
[21/10/2008|21.25] C:\Programmi\MSN Messenger
[16/04/2006|10.59] C:\Programmi\MSN Toolbar Suite
[17/11/2006|11.20] C:\Programmi\MSXML 4.0
[27/09/2007|14.28] C:\Programmi\Multi_Media_Italy
[10/12/2007|11.46] C:\Programmi\NASDAK
[17/03/2006|08.54] C:\Programmi\Nero
[29/05/2008|12.41] C:\Programmi\NetMeeting
[25/08/2008|11.37] C:\Programmi\Nikon
[14/03/2007|11.44] C:\Programmi\Norton SystemWorks
[30/11/2007|09.49] C:\Programmi\NVIDIA Corporation
[20/08/2006|21.33] C:\Programmi\OLYMPUS
[29/05/2008|12.41] C:\Programmi\Outlook Express
[09/05/2008|10.35] C:\Programmi\Panda Security
[17/03/2006|22.09] C:\Programmi\Pirelli
[20/08/2006|21.32] C:\Programmi\PIXELA
[12/05/2006|22.27] C:\Programmi\Play at Joe's
[18/07/2007|10.06] C:\Programmi\Player Tool
[07/03/2009|22.24] C:\Programmi\PPLive
[28/05/2008|17.40] C:\Programmi\Presentersoft PowerVideoMaker
[29/03/2006|21.42] C:\Programmi\progettovincita
[22/11/2007|12.14] C:\Programmi\Psicologia
[20/08/2006|21.30] C:\Programmi\QuickTime
[07/08/2006|20.52] C:\Programmi\real
[30/11/2007|10.01] C:\Programmi\Realtek
[16/03/2006|17.42] C:\Programmi\Realtek Sound Manager
[16/03/2006|17.26] C:\Programmi\Servizi in linea
[08/07/2008|11.52] C:\Programmi\SharkMate
[07/08/2006|20.53] C:\Programmi\Sierra On-Line
[17/03/2006|09.38] C:\Programmi\SlySoft
[03/01/2009|00.39] C:\Programmi\SopCast
[13/03/2009|19.53] C:\Programmi\Spybot - Search & Destroy
[24/05/2007|10.09] C:\Programmi\SpywareBlaster
[14/03/2007|11.45] C:\Programmi\Symantec
[29/08/2007|22.25] C:\Programmi\Tacmi
[16/04/2006|10.59] C:\Programmi\Telecom Italia
[09/02/2009|23.20] C:\Programmi\Tressette v3.0
[16/02/2008|18.08] C:\Programmi\TVAnts
[03/01/2009|00.39] C:\Programmi\TVUPlayer
[16/03/2006|17.32] C:\Programmi\Uninstall Information
[17/03/2009|17.38] C:\Programmi\Unlocker
[24/05/2006|17.13] C:\Programmi\vso
[30/11/2007|00.27] C:\Programmi\Windows Live Favorites
[30/11/2007|00.27] C:\Programmi\Windows Live Toolbar
[02/12/2006|00.53] C:\Programmi\Windows Media Connect 2
[02/10/2008|19.03] C:\Programmi\Windows Media Player
[29/05/2008|12.41] C:\Programmi\Windows NT
[17/03/2006|10.04] C:\Programmi\WindowsUpdate
[20/04/2006|23.08] C:\Programmi\WinRAR
[16/03/2006|17.27] C:\Programmi\xerox
[20/05/2006|20.54] C:\Programmi\XVid;-)
[16/04/2006|23.47] C:\Programmi\Yahoo!
[0|File] C:\Programmi\byte
[96|Directory] C:\Programmi\byte disponibili

--------------------\\ Listing Folders in C:\Programmi\File comuni

[14/03/2009|12.10] C:\Programmi\File comuni\Adobe
[16/07/2006|20.41] C:\Programmi\File comuni\Ahead
[17/03/2006|08.42] C:\Programmi\File comuni\DESIGNER
[18/03/2006|11.36] C:\Programmi\File comuni\EPSON
[18/03/2006|11.53] C:\Programmi\File comuni\Hewlett-Packard
[21/03/2006|23.33] C:\Programmi\File comuni\InstallShield
[24/04/2006|17.51] C:\Programmi\File comuni\Java
[07/11/2008|16.37] C:\Programmi\File comuni\Microsoft Shared
[19/09/2006|21.38] C:\Programmi\File comuni\Motive
[16/03/2006|17.24] C:\Programmi\File comuni\MSSoap
[25/08/2008|11.38] C:\Programmi\File comuni\muvee Technologies
[25/08/2008|11.38] C:\Programmi\File comuni\Nikon
[15/04/2007|19.51] C:\Programmi\File comuni\Nullsoft
[16/03/2006|17.17] C:\Programmi\File comuni\ODBC
[16/03/2006|17.25] C:\Programmi\File comuni\Services
[16/03/2006|17.17] C:\Programmi\File comuni\SpeechEngines
[18/01/2009|11.31] C:\Programmi\File comuni\Symantec Shared
[29/05/2008|12.41] C:\Programmi\File comuni\System
[02/09/2008|10.27] C:\Programmi\File comuni\Wise Installation Wizard
[0|File] C:\Programmi\File comuni\byte
[21|Directory] C:\Programmi\File comuni\byte disponibili

--------------------\\ Process

( 37 Processes )

IEXPLORE.EXE ~ [PID:2092]

--------------------\\ Searching with S_Lop

No Lop folder found !

--------------------\\ Searching for Lop Files - Folders

C:\DOCUME~1\Giampy\IMPOST~1\Temp\nsm3.tmp
C:\Programmi\BitTorrent Fastest Tool
C:\Programmi\BitTorrent Fastest Tool\INSTALL.LOG
C:\Programmi\Multi_Media_Italy
C:\Programmi\Multi_Media_Italy\INSTALL.LOG
C:\Programmi\Multi_Media_Italy\tbMult.dll
C:\Programmi\Multi_Media_Italy\toolbar.cfg
C:\Programmi\Multi_Media_Italy\UNWISE.EXE

--------------------\\ Searching within the Registry

..... OK !

--------------------\\ Checking the Hosts file

Hosts file CLEAN


--------------------\\ Searching for hidden files with Catchme

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-17 18:37:53
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden files: 0

--------------------\\ Searching for other infections


C:\DOCUME~1\Giampy\IMPOST~1\DATIAP~1\ikecq.dat
C:\DOCUME~1\Giampy\IMPOST~1\DATIAP~1\ikecq.exe
C:\DOCUME~1\Giampy\IMPOST~1\DATIAP~1\ikecq_nav.dat
C:\DOCUME~1\Giampy\IMPOST~1\DATIAP~1\ikecq_navps.dat
==> EGDACCESS <==

--------------------\\ Cracks & Keygens ..

C:\DOCUME~1\Giampy\Desktop\Collegamenti desktop inutilizzati\Nero 7.0.1.2\keygen.exe


[F:13][D:6]-> C:\DOCUME~1\Giampy\IMPOST~1\Temp
[F:20][D:0]-> C:\DOCUME~1\Giampy\Cookies
[F:1355][D:7]-> C:\DOCUME~1\Giampy\IMPOST~1\TEMPOR~1\content.IE5

1 - "C:\Lop SD\LopR_1.txt" - 17/03/2009|18.38 - Option : [1]

--------------------\\ Scan completed at 18.38.50
***************************************************************************************************2**
--------------------\\ Lop S&D 4.2.5-0 XP/Vista

Microsoft Windows XP Professional ( v5.1.2600 ) Service Pack 3
X86-based PC ( Uniprocessor Free : AMD Sempron(tm) Processor 2600+ )
BIOS : Default System BIOS
USER : Giampy ( Administrator )
BOOT : Normal boot
Antivirus : AVG Anti-Virus Free 8.0 (Activated)
Firewall : ActiveArmor Firewall 1.0 (Not Activated)
A:\ (USB)
C:\ (Local Disk) - NTFS - Total:58 Go (Free:46 Go)
D:\ (Local Disk) - FAT32 - Total:17 Go (Free:16 Go)
E:\ (CD or DVD)
F:\ (CD or DVD)
G:\ (Local Disk) - NTFS - Total:39 Go (Free:30 Go)
H:\ (Local Disk) - NTFS - Total:58 Go (Free:10 Go)
I:\ (Local Disk) - NTFS - Total:55 Go (Free:29 Go)

"C:\Lop SD" ( MAJ : 19-12-2008|23:40 )
Option : [2] ( 17/03/2009|18.42 )


\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\ FIX

Deleted! - C:\DOCUME~1\Giampy\IMPOST~1\Temp\nsm3.tmp
Deleted! - C:\Programmi\BitTorrent Fastest Tool\INSTALL.LOG
Deleted! - C:\Programmi\Multi_Media_Italy\INSTALL.LOG
Deleted! - C:\Programmi\Multi_Media_Italy\tbMult.dll
Deleted! - C:\Programmi\Multi_Media_Italy\toolbar.cfg
Deleted! - C:\Programmi\Multi_Media_Italy\UNWISE.EXE
Deleted! - C:\Programmi\BitTorrent Fastest Tool
Deleted! - C:\Programmi\Multi_Media_Italy
-
[ Hosts file ] .. Restored!

\\\\\\\\\\\\\\\\\\\\\\\\\\\\\\


--------------------\\ Listing folders in DATIAP~1

[14/03/2009|12.10] C:\DOCUME~1\ALLUSE~1\DATIAP~1\Adobe
[17/07/2006|10.54] C:\DOCUME~1\ALLUSE~1\DATIAP~1\Ahead
[06/02/2009|20.05] C:\DOCUME~1\ALLUSE~1\DATIAP~1\avg8
[13/01/2007|23.49] C:\DOCUME~1\ALLUSE~1\DATIAP~1\DVD Shrink
[25/08/2008|11.41] C:\DOCUME~1\ALLUSE~1\DATIAP~1\EnterNHelp
[06/01/2009|12.19] C:\DOCUME~1\ALLUSE~1\DATIAP~1\Google
[04/01/2009|23.16] C:\DOCUME~1\ALLUSE~1\DATIAP~1\Malwarebytes
[29/04/2007|13.26] C:\DOCUME~1\ALLUSE~1\DATIAP~1\Microsoft
[19/09/2006|21.38] C:\DOCUME~1\ALLUSE~1\DATIAP~1\Motive
[21/04/2008|23.14] C:\DOCUME~1\ALLUSE~1\DATIAP~1\MSN6
[25/08/2008|11.38] C:\DOCUME~1\ALLUSE~1\DATIAP~1\Nikon
[22/10/2008|10.27] C:\DOCUME~1\ALLUSE~1\DATIAP~1\NVIDIA
[29/05/2008|10.45] C:\DOCUME~1\ALLUSE~1\DATIAP~1\Office Genuine Advantage
[20/08/2006|21.30] C:\DOCUME~1\ALLUSE~1\DATIAP~1\QuickTime
[13/03/2009|20.07] C:\DOCUME~1\ALLUSE~1\DATIAP~1\Spybot - Search & Destroy
[25/08/2008|11.37] C:\DOCUME~1\ALLUSE~1\DATIAP~1\Stingers
[14/03/2007|11.37] C:\DOCUME~1\ALLUSE~1\DATIAP~1\Symantec
[11/05/2006|22.52] C:\DOCUME~1\ALLUSE~1\DATIAP~1\Trymedia
[17/01/2008|20.38] C:\DOCUME~1\ALLUSE~1\DATIAP~1\TVU Networks
[25/08/2008|11.41] C:\DOCUME~1\ALLUSE~1\DATIAP~1\Ultima_T15
[13/04/2006|00.09] C:\DOCUME~1\ALLUSE~1\DATIAP~1\Windows Genuine Advantage
[05/01/2007|13.17] C:\DOCUME~1\ALLUSE~1\DATIAP~1\Windows Live Toolbar
[16/04/2006|23.49] C:\DOCUME~1\ALLUSE~1\DATIAP~1\Yahoo! Companion
[0|File] C:\DOCUME~1\ALLUSE~1\DATIAP~1\byte
[25|Directory] C:\DOCUME~1\ALLUSE~1\DATIAP~1\byte disponibili

[16/03/2006|17.27] C:\DOCUME~1\DEFAUL~1\DATIAP~1\Microsoft
[0|File] C:\DOCUME~1\DEFAUL~1\DATIAP~1\byte
[3|Directory] C:\DOCUME~1\DEFAUL~1\DATIAP~1\byte disponibili

[24/04/2008|16.35] C:\DOCUME~1\Giampy\DATIAP~1\.clamwin
[20/01/2009|13.22] C:\DOCUME~1\Giampy\DATIAP~1\Adobe
[16/07/2006|23.50] C:\DOCUME~1\Giampy\DATIAP~1\Ahead
[05/04/2008|15.01] C:\DOCUME~1\Giampy\DATIAP~1\Auslogics
[21/04/2008|23.14] C:\DOCUME~1\Giampy\DATIAP~1\Cartella di caricamento Share-to-Web
[19/02/2007|12.08] C:\DOCUME~1\Giampy\DATIAP~1\DivX
[25/07/2007|13.21] C:\DOCUME~1\Giampy\DATIAP~1\FastStone
[21/10/2008|21.29] C:\DOCUME~1\Giampy\DATIAP~1\Google
[13/11/2007|00.55] C:\DOCUME~1\Giampy\DATIAP~1\Help
[16/03/2006|17.32] C:\DOCUME~1\Giampy\DATIAP~1\Identities
[17/03/2006|09.14] C:\DOCUME~1\Giampy\DATIAP~1\InterTrust
[21/03/2006|23.37] C:\DOCUME~1\Giampy\DATIAP~1\LG Electronics
[19/03/2006|01.05] C:\DOCUME~1\Giampy\DATIAP~1\Macromedia
[04/01/2009|23.16] C:\DOCUME~1\Giampy\DATIAP~1\Malwarebytes
[01/03/2009|12.33] C:\DOCUME~1\Giampy\DATIAP~1\Microsoft
[19/09/2006|21.41] C:\DOCUME~1\Giampy\DATIAP~1\Motive
[18/01/2009|14.06] C:\DOCUME~1\Giampy\DATIAP~1\Mozilla
[10/03/2009|19.00] C:\DOCUME~1\Giampy\DATIAP~1\MSN6
[16/07/2006|22.14] C:\DOCUME~1\Giampy\DATIAP~1\Nero
[25/08/2008|11.38] C:\DOCUME~1\Giampy\DATIAP~1\Nikon
[20/08/2006|21.35] C:\DOCUME~1\Giampy\DATIAP~1\OLYMPUS
[18/05/2008|12.47] C:\DOCUME~1\Giampy\DATIAP~1\PPLive
[27/09/2007|23.34] C:\DOCUME~1\Giampy\DATIAP~1\Simple Sudoku
[05/01/2008|18.56] C:\DOCUME~1\Giampy\DATIAP~1\SopCast
[18/06/2006|11.48] C:\DOCUME~1\Giampy\DATIAP~1\Sun
[17/03/2006|08.19] C:\DOCUME~1\Giampy\DATIAP~1\Symantec
[29/06/2008|12.11] C:\DOCUME~1\Giampy\DATIAP~1\Talkback
[18/05/2008|11.42] C:\DOCUME~1\Giampy\DATIAP~1\TVU Networks
[0|File] C:\DOCUME~1\Giampy\DATIAP~1\byte
[30|Directory] C:\DOCUME~1\Giampy\DATIAP~1\byte disponibili

[22/10/2008|10.22] C:\DOCUME~1\LOCALS~1\DATIAP~1\Google
[06/02/2009|20.04] C:\DOCUME~1\LOCALS~1\DATIAP~1\Microsoft
[0|File] C:\DOCUME~1\LOCALS~1\DATIAP~1\byte
[4|Directory] C:\DOCUME~1\LOCALS~1\DATIAP~1\byte disponibili

[16/02/2007|11.37] C:\DOCUME~1\NETWOR~1\DATIAP~1\Google
[06/02/2009|20.04] C:\DOCUME~1\NETWOR~1\DATIAP~1\Microsoft
[16/02/2007|11.23] C:\DOCUME~1\NETWOR~1\DATIAP~1\Symantec
[0|File] C:\DOCUME~1\NETWOR~1\DATIAP~1\byte
[5|Directory] C:\DOCUME~1\NETWOR~1\DATIAP~1\byte disponibili

--------------------\\ Scheduled Tasks located in C:\WINDOWS\Tasks

[16/03/2009 23.08][--a------] C:\WINDOWS\tasks\OGADaily.job
[15/03/2009 13.05][--a------] C:\WINDOWS\tasks\OGALogon.job
[17/03/2009 18.20][--a------] C:\WINDOWS\tasks\Verifica aggiornamenti per Windows Live Toolbar.job
[17/03/2009 16.18][--ah-----] C:\WINDOWS\tasks\SA.DAT
[31/08/2001 13.00][-r-h-----] C:\WINDOWS\tasks\desktop.ini

--------------------\\ Listing Folders in C:\Programmi

[14/03/2009|12.10] C:\Programmi\Adobe
[18/12/2007|22.35] C:\Programmi\Atomic Clock
[05/04/2008|15.01] C:\Programmi\Auslogics
[30/05/2008|11.36] C:\Programmi\AVG
[16/03/2006|17.42] C:\Programmi\AvRack
[02/06/2007|22.39] C:\Programmi\bobyte
[24/04/2008|16.35] C:\Programmi\ClamWin
[17/03/2006|22.09] C:\Programmi\Common Files
[16/03/2006|17.24] C:\Programmi\ComPlus Applications
[19/02/2007|12.04] C:\Programmi\DivX
[17/03/2006|10.05] C:\Programmi\DVD Shrink
[17/03/2006|09.58] C:\Programmi\DVDFab Decrypter
[28/05/2008|16.29] C:\Programmi\E.M. PowerPoint Video Converter
[19/12/2007|12.01] C:\Programmi\Easy TV Free
[28/07/2007|21.44] C:\Programmi\EPSON
[25/07/2007|13.21] C:\Programmi\FastStone Image Viewer
[03/01/2009|00.49] C:\Programmi\File comuni
[06/01/2009|13.49] C:\Programmi\Google
[05/05/2008|21.05] C:\Programmi\HIJACK
[28/04/2006|23.52] C:\Programmi\Incomplete
[21/01/2009|12.13] C:\Programmi\InstallShield Installation Information
[11/02/2009|13.07] C:\Programmi\Internet Explorer
[17/03/2006|09.09] C:\Programmi\Jasc Software Inc
[09/12/2008|22.54] C:\Programmi\Java
[11/05/2008|11.05] C:\Programmi\Lavalys
[16/04/2006|11.25] C:\Programmi\LG PC Suite
[16/05/2008|11.43] C:\Programmi\MagicKey
[17/03/2009|18.32] C:\Programmi\Malwarebytes' Anti-Malware
[31/10/2006|17.46] C:\Programmi\Mediacenter
[13/08/2008|21.52] C:\Programmi\Messenger
[16/03/2006|17.27] C:\Programmi\microsoft frontpage
[07/11/2008|16.37] C:\Programmi\Microsoft Office
[28/02/2009|11.27] C:\Programmi\Microsoft Silverlight
[17/03/2006|08.42] C:\Programmi\Microsoft Visual Studio
[16/01/2007|00.45] C:\Programmi\Microsoft Works
[17/03/2006|08.43] C:\Programmi\Microsoft.NET
[29/05/2008|12.45] C:\Programmi\Movie Maker
[16/03/2009|18.12] C:\Programmi\Mozilla Firefox
[01/01/2008|23.33] C:\Programmi\mp3DirectCut
[17/02/2009|19.35] C:\Programmi\MSECache
[16/03/2006|17.23] C:\Programmi\MSN
[16/03/2006|17.23] C:\Programmi\MSN Gaming Zone
[21/10/2008|21.25] C:\Programmi\MSN Messenger
[16/04/2006|10.59] C:\Programmi\MSN Toolbar Suite
[17/11/2006|11.20] C:\Programmi\MSXML 4.0
[10/12/2007|11.46] C:\Programmi\NASDAK
[17/03/2006|08.54] C:\Programmi\Nero
[29/05/2008|12.41] C:\Programmi\NetMeeting
[25/08/2008|11.37] C:\Programmi\Nikon
[14/03/2007|11.44] C:\Programmi\Norton SystemWorks
[30/11/2007|09.49] C:\Programmi\NVIDIA Corporation
[20/08/2006|21.33] C:\Programmi\OLYMPUS
[29/05/2008|12.41] C:\Programmi\Outlook Express
[09/05/2008|10.35] C:\Programmi\Panda Security
[17/03/2006|22.09] C:\Programmi\Pirelli
[20/08/2006|21.32] C:\Programmi\PIXELA
[12/05/2006|22.27] C:\Programmi\Play at Joe's
[18/07/2007|10.06] C:\Programmi\Player Tool
[07/03/2009|22.24] C:\Programmi\PPLive
[28/05/2008|17.40] C:\Programmi\Presentersoft PowerVideoMaker
[29/03/2006|21.42] C:\Programmi\progettovincita
[22/11/2007|12.14] C:\Programmi\Psicologia
[20/08/2006|21.30] C:\Programmi\QuickTime
[07/08/2006|20.52] C:\Programmi\real
[30/11/2007|10.01] C:\Programmi\Realtek
[16/03/2006|17.42] C:\Programmi\Realtek Sound Manager
[16/03/2006|17.26] C:\Programmi\Servizi in linea
[08/07/2008|11.52] C:\Programmi\SharkMate
[07/08/2006|20.53] C:\Programmi\Sierra On-Line
[17/03/2006|09.38] C:\Programmi\SlySoft
[03/01/2009|00.39] C:\Programmi\SopCast
[13/03/2009|19.53] C:\Programmi\Spybot - Search & Destroy
[24/05/2007|10.09] C:\Programmi\SpywareBlaster
[14/03/2007|11.45] C:\Programmi\Symantec
[29/08/2007|22.25] C:\Programmi\Tacmi
[16/04/2006|10.59] C:\Programmi\Telecom Italia
[09/02/2009|23.20] C:\Programmi\Tressette v3.0
[16/02/2008|18.08] C:\Programmi\TVAnts
[03/01/2009|00.39] C:\Programmi\TVUPlayer
[16/03/2006|17.32] C:\Programmi\Uninstall Information
[17/03/2009|17.38] C:\Programmi\Unlocker
[24/05/2006|17.13] C:\Programmi\vso
[30/11/2007|00.27] C:\Programmi\Windows Live Favorites
[30/11/2007|00.27] C:\Programmi\Windows Live Toolbar
[02/12/2006|00.53] C:\Programmi\Windows Media Connect 2
[02/10/2008|19.03] C:\Programmi\Windows Media Player
[29/05/2008|12.41] C:\Programmi\Windows NT
[17/03/2006|10.04] C:\Programmi\WindowsUpdate
[20/04/2006|23.08] C:\Programmi\WinRAR
[16/03/2006|17.27] C:\Programmi\xerox
[20/05/2006|20.54] C:\Programmi\XVid;-)
[16/04/2006|23.47] C:\Programmi\Yahoo!
[0|File] C:\Programmi\byte
[94|Directory] C:\Programmi\byte disponibili

--------------------\\ Listing Folders in C:\Programmi\File comuni

[14/03/2009|12.10] C:\Programmi\File comuni\Adobe
[16/07/2006|20.41] C:\Programmi\File comuni\Ahead
[17/03/2006|08.42] C:\Programmi\File comuni\DESIGNER
[18/03/2006|11.36] C:\Programmi\File comuni\EPSON
[18/03/2006|11.53] C:\Programmi\File comuni\Hewlett-Packard
[21/03/2006|23.33] C:\Programmi\File comuni\InstallShield
[24/04/2006|17.51] C:\Programmi\File comuni\Java
[07/11/2008|16.37] C:\Programmi\File comuni\Microsoft Shared
[19/09/2006|21.38] C:\Programmi\File comuni\Motive
[16/03/2006|17.24] C:\Programmi\File comuni\MSSoap
[25/08/2008|11.38] C:\Programmi\File comuni\muvee Technologies
[25/08/2008|11.38] C:\Programmi\File comuni\Nikon
[15/04/2007|19.51] C:\Programmi\File comuni\Nullsoft
[16/03/2006|17.17] C:\Programmi\File comuni\ODBC
[16/03/2006|17.25] C:\Programmi\File comuni\Services
[16/03/2006|17.17] C:\Programmi\File comuni\SpeechEngines
[18/01/2009|11.31] C:\Programmi\File comuni\Symantec Shared
[29/05/2008|12.41] C:\Programmi\File comuni\System
[02/09/2008|10.27] C:\Programmi\File comuni\Wise Installation Wizard
[0|File] C:\Programmi\File comuni\byte
[21|Directory] C:\Programmi\File comuni\byte disponibili

--------------------\\ Process

( 35 Processes )

... OK !

--------------------\\ Searching with S_Lop

No Lop folder found !

--------------------\\ Searching for Lop Files - Folders

No Lop folder found !

--------------------\\ Searching within the Registry

..... OK !

--------------------\\ Checking the Hosts file

Hosts file CLEAN


--------------------\\ Searching for hidden files with Catchme

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-03-17 18:43:47
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden files: 0

--------------------\\ Searching for other infections


C:\DOCUME~1\Giampy\IMPOST~1\DATIAP~1\ikecq.dat
C:\DOCUME~1\Giampy\IMPOST~1\DATIAP~1\ikecq.exe
C:\DOCUME~1\Giampy\IMPOST~1\DATIAP~1\ikecq_nav.dat
C:\DOCUME~1\Giampy\IMPOST~1\DATIAP~1\ikecq_navps.dat
==> EGDACCESS <==

--------------------\\ Cracks & Keygens ..

C:\DOCUME~1\Giampy\Desktop\Collegamenti desktop inutilizzati\Nero 7.0.1.2\keygen.exe


[F:10][D:5]-> C:\DOCUME~1\Giampy\IMPOST~1\Temp
[F:20][D:0]-> C:\DOCUME~1\Giampy\Cookies
[F:1360][D:7]-> C:\DOCUME~1\Giampy\IMPOST~1\TEMPOR~1\content.IE5

1 - "C:\Lop SD\LopR_1.txt" - 17/03/2009|18.38 - Option : [1]
2 - "C:\Lop SD\LopR_2.txt" - 17/03/2009|18.44 - Option : [2]

--------------------\\ Scan completed at 18.44.37
******************************************************************************************************
HG log
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18.49.55, on 17/03/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16791)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Programmi\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Programmi\File comuni\EPSON\EBAPI\SAgent2.exe
C:\Programmi\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Programmi\Java\jre6\bin\jqs.exe
C:\Programmi\File comuni\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Programmi\Telecom Italia\WanMiniport1st\srvany.exe
C:\Programmi\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
C:\Programmi\Telecom Italia\WanMiniport1st\WanMiniport1st_srv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\svchost.exe
C:\Programmi\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
C:\Programmi\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Programmi\AVG\AVG8\avgcsrvx.exe
C:\Programmi\File comuni\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Programmi\Internet Explorer\IEXPLORE.EXE
C:\Programmi\HIJACK\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.virgilio.it/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.it/0SEITIT/SAOS01?FORM=TOOLBR
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1;<local>
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Collegamenti
O2 - BHO: Supporto di collegamento per Adobe PDF Reader - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Programmi\File comuni\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Programmi\AVG\AVG8\avgssie.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programmi\Java\jre6\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programmi\File comuni\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Programmi\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programmi\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: Windows Live Toolbar Helper - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmi\Windows Live Toolbar\msntb.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Programmi\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programmi\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Programmi\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programmi\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: Windows Live Toolbar - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Programmi\Windows Live Toolbar\msntb.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Programmi\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\pchealth\helpctr\Binaries\MSCONFIG.EXE /auto
O4 - HKLM\..\RunOnce: [Malwarebytes' Anti-Malware] C:\Programmi\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
O8 - Extra context menu item: &Windows Live Search - res://C:\Programmi\Windows Live Toolbar\msntb.dll/search.htm
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.live.com/quickadd.aspx
O8 - Extra context menu item: E&sporta in Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Ricerche - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Programmi\Messenger\msmsgs.exe
O14 - IERESET.INF: START_PAGE_URL=http://gw.aliceadsl.it/home
O15 - Trusted Zone: *.rossoalice.it
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zone.msn.com/binary/msgrchkr.cab31267.cab
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab
O16 - DPF: {14B87622-7E19-4EA8-93B3-97215F77A6BC} (MessengerStatsClient Class) - http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab31267.cab
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/activescan/as5free/asinst.cab
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.aol.com/downloads/aol/unagi/ampx_en_dl.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Programmi\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: EPSON Printer Status Agent2 (EPSONStatusAgent2) - SEIKO EPSON CORPORATION - C:\Programmi\File comuni\EPSON\EBAPI\SAgent2.exe
O23 - Service: Forceware Web Interface (ForcewareWebInterface) - Apache Software Foundation - C:\Programmi\NVIDIA Corporation\NetworkAccessManager\Apache Group\Apache2\bin\apache.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Programmi\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Programmi\Java\jre6\bin\jqs.exe
O23 - Service: Network WanMiniport First Position - Unknown owner - C:\Programmi\Telecom Italia\WanMiniport1st\srvany.exe
O23 - Service: ForceWare IP service (nSvcIp) - NVIDIA Corporation - C:\Programmi\NVIDIA Corporation\NetworkAccessManager\bin\nSvcIp.exe
O23 - Service: ForceWare user log service (nSvcLog) - NVIDIA Corporation - C:\Programmi\NVIDIA Corporation\NetworkAccessManager\bin\nSvcLog.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

--
End of file - 8055 bytes
Thanks again
shapiro
Posted: Tuesday, March 17, 2009 10:58:51 PM

Rank: AiutAmico

Joined: 8/24/2008
Posts: 4,164
show hidden files

-Right-click Start--Explore--Tools menu--Folder Options--View
-Tick 'Show all files' or "Show hidden files and folders"
-Untick 'Do not show system folders and files' or "Hide protected operating system files"


check whether you have these files, marked in red, on your PC

C:\DOCUME~1\Giampy\IMPOST~1\DATIAP~1\ikecq.dat
C:\DOCUME~1\Giampy\IMPOST~1\DATIAP~1\ikecq.exe
C:\DOCUME~1\Giampy\IMPOST~1\DATIAP~1\ikecq_nav.dat
C:\DOCUME~1\Giampy\IMPOST~1\DATIAP~1\ikecq_navps.dat

if you find even just one of them, delete it


giampys
Posted: Wednesday, March 18, 2009 12:00:33 AM
Rank: AiutAmico

Joined: 6/17/2006
Posts: 165
OK, done. I deleted all the entries you pointed out to me; I hope it works fine now.
If there is nothing else I need to do, thank you, and we'll be in touch if needed. Good night
Giampy
shapiro
Posted: Wednesday, March 18, 2009 9:02:17 AM

Rank: AiutAmico

Joined: 8/24/2008
Posts: 4,164
scan here ► http://www.virustotal.com/it/

this one, marked in red

C:\DOCUME~1\Giampy\Desktop\Collegamenti desktop inutilizzati\Nero 7.0.1.2\keygen.exe


check the report and post it if you can
shapiro
Posted: Wednesday, March 18, 2009 9:39:38 AM

Rank: AiutAmico

Joined: 8/24/2008
Posts: 4,164
scan here ► http://www.virustotal.com/it/

this one, marked in red

C:\DOCUME~1\Giampy\Desktop\Collegamenti desktop inutilizzati\Nero 7.0.1.2\keygen.exe


check the report and post it if you can

giampys
Posted: Wednesday, March 18, 2009 7:59:39 PM
Rank: AiutAmico

Joined: 6/17/2006
Posts: 165
OK! After clicking on send file,
I got a blank page with:
0 bytes size received / Se ha recibido un archivo vacio
What does that mean?
Anyway, the problem persists: until the web page opens the PC stays frozen, then once it has opened everything is OK
Giampys
shapiro
Posted: Wednesday, March 18, 2009 8:30:45 PM

Rank: AiutAmico

Joined: 8/24/2008
Posts: 4,164
try scanning it from here ► http://virusscan.jotti.org/

also scan it with your antivirus
giampys
Posted: Wednesday, March 18, 2009 9:35:52 PM
Rank: AiutAmico

Joined: 6/17/2006
Posts: 165
it gives me this response:
The file you uploaded is 0 bytes. It is very likely a firewall or a piece of malware is prohibiting you from uploading this file
shapiro
Posted: Wednesday, March 18, 2009 9:40:48 PM

Rank: AiutAmico

Joined: 8/24/2008
Posts: 4,164

Disable your antivirus and anti-spyware programs

Disconnect the PC from the internet


download

http://download.bleepingcomputer.com/sUBs/ComboFix.exe


Double-click combofix.exe and follow the instructions step by step; remember to press Enter after each step

When it has finished it will create the log C:\combofix.txt; save it and post it like the other reports.

Note: during the scan some files will be created on the desktop and the icons will disappear. Some program may ask you what to do about removing drivers; in that case agree, as they are probably infected drivers.

The program will create the folder C:\QooBox, and inside it will place a backup of the removed files and a backup file of the Windows registry called Hiv-backup.

DO NOT TOUCH THE MOUSE OR KEYBOARD during the scan
giampys
Posted: Wednesday, March 18, 2009 10:13:31 PM
Rank: AiutAmico

Joined: 6/17/2006
Posts: 165
My antivirus is AVG; how do I disable it?
shapiro
Posted: Wednesday, March 18, 2009 10:15:04 PM

Rank: AiutAmico

Joined: 8/24/2008
Posts: 4,164
you should have its icon in the system tray, next to the clock - right-click it and disable it
giampys
Posted: Wednesday, March 18, 2009 10:16:01 PM
Rank: AiutAmico

Joined: 6/17/2006
Posts: 165
It's not there!
shapiro
Posted: Wednesday, March 18, 2009 10:16:59 PM

Rank: AiutAmico

Joined: 8/24/2008
Posts: 4,164
which version do you have?
giampys
Posted: Wednesday, March 18, 2009 10:17:38 PM
Rank: AiutAmico

Joined: 6/17/2006
Posts: 165
AVG8.0
shapiro
Posted: Wednesday, March 18, 2009 10:19:01 PM

Rank: AiutAmico

Joined: 8/24/2008
Posts: 4,164
from the icon in the taskbar: right-click it, then left-click on (Esci, or Exit); it must be there